In some known network systems, analysts can determine rules or risk values (e.g., cyber-threat values, and/or similar values) for devices in their portion of the network system. The rules and/or values determined by each analyst may depend on how other devices in the network are configured, values associated with the network as a whole, and/or other values. Such determinations, therefore, can involve transmission of large quantities of data, as some known network systems may send information about each device (e.g., network information, and/or threat intelligence information) to each analyst in the network. Additionally, in some known systems that only send a portion of a network's data to an analyst (e.g., to reduce the amount of information transmitted across the network), the analyst cannot view data from the rest of the network. The limited scope of information can affect the analysts' ability to calculate certain values (such as cyber-threat values and/or threat intelligence values), to predict changes in the network (e.g., with respect to network and/or cyber-threat changes), and/or to perform other actions within their portions of the network. Analysts in some known network systems also lack an efficient way to simultaneously process data received from a global representation of the network, and to reconcile those changes with other changes being made, substantially in real-time, to the global representation.
Accordingly, a need exists for methods and apparatus that efficiently provide information about the network (including network device and threat intelligence data) as a whole to each analyst in the network, and that efficiently allow analysts to process data about their portion of the network while reconciling their changes with other changes being made to the rest of the network.